MEDIUM · 6.7

CVE-2019-1829

Vulnerability Description

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication.

CVSS Score

6.7 MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Cisco | Aironet Access Point Firmware | < 8.3.150.0
Cisco | Aironet 1542D | -
Cisco | Aironet 1542I | -
Cisco | Aironet 1562D | -
Cisco | Aironet 1562E | -
Cisco | Aironet 1562I | -
Cisco | Aironet 1800I | -
Cisco | Aironet 2800E | -
Cisco | Aironet 2800I | -
Cisco | Aironet 3800E | -
Cisco | Aironet 3800I | -
Cisco | Aironet 3800P | -
Cisco | Aironet 1850E | -
Cisco | Aironet 1850I | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-1829?

CVE-2019-1829 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper auth...

How severe is CVE-2019-1829?

CVE-2019-1829 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1829?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet Access Point Firmware, Cisco Aironet 1542D, Cisco Aironet 1542I, Cisco Aironet 1562D, Cisco Aironet 1562E.